REMARKS

This amendment is responsive to the Final Office Action dated February 25, 2008.
Applicant has amended claims 1, 19, and 22 and cancelled claims 16-18 and 36-55. Claims 1-4,
6-15, 19-24, 26-35, and 56 are pending upon entry of this amendment.

Claim Rejection Under 35 U.S.C. § 103

In the Final Office Action, the Examiner rejected claims 1-3, 6-11, 15, 22-24, 26-31, 35,
and 56 under 35 U.S.C. § 103(a) as being unpatentable over Valois (US 2004/0260818, "Valois")
in view of Delany (US 2002/0156879, "Delany"). The Examiner also rejected claim 4 under 35
U.S.C. § 103(a) as being unpatentable over Valois in view of Mitra (US 6,973,460, "Mitra").
The Examiner further rejected claims 12-14, 19-21, and 32-34 under 35 U.S.C. § 103(a) as
being unpatentable over Valois in view of Delany, and further in view of Nelson (US 6,243,713,
"Nelson"). Applicant respectfully traverses the rejection to the extent such rejections may be 
considered applicable to the claims as amended. The applied references fail to disclose or 
suggest the inventions defined by Applicant's claims, and provide no teaching that would have 
suggested a rational reason to arrive at the claimed invention. 

In this Amendment, Applicant has amended the claims for the purpose of clarification. 
Applicant has amended claim 1, for example, to require storing, within a device, authorization 
data that defines at least one class of clients that access the device, wherein the authorization data 
defines for each class of clients an access control attribute and an associated regular expression 
specifying a textual pattern. Claim 1 as amended also requires receiving, with the device, a 
command from a client, wherein the command requests access to configuration data for the 
resource of the device, identifying the class of which the client is a member and retrieving, from 
the authorization data, the access control attribute and the regular expression for the identified 
class of which the client is a member. Applicant respectfully submits that claim 1 as clarified by 
the amendments includes requirements that the prior art fails to teach, suggest, or disclose, alone 
or in combination. 

Valois in view of Delany fails to teach, suggest, or disclose, for example, storing, within a 
device, authorization data that defines at least one class of clients that access the device, wherein 
the authorization data defines for each class of clients an access control attribute and an 
associated regular expression specifying a textual pattern as required by amended claim 1.
Valois in view of Delany fails to teach, suggest, or disclose that authorization data defines, for a 
class of clients, both an access control attribute and an associated regular expression as required 
by amended claim 1. 

Valois generally fails to teach or suggest any method for actually controlling a client's 
access to a resource of a device as required by claim 1. Instead, Valois teaches a system for
verifying compliance with a security policy. Valois, Abstract. Valois also does not disclose how
its teachings could be modified to effect controlling access to a resource of a device.
Accordingly, Valois fails to disclose or suggest authorization data that defines for each class of
clients an access control attribute and an associated regular expression specifying a textual
pattern as required by Applicant's claim 1.

Instead, Valois teaches the use of test scripts that express a security characteristic or 
policy as a test. Valois, ¶ [0055]. These test scripts do not control a client's access to a resource
of the tested device, nor could they, as the scripts are executed while the device is offline.
Valois, ¶ [0025]. Moreover, the output of the system of Valois is a "pass" or "fail" for each
script, rather than a granting or denying of a client's access to a resource of a device. Valois, ¶
[0067]. Valois lacks any mention whatsoever of authorization data that defines at least one class
of clients that access the device. Valois therefore necessarily fails to teach that the authorization 
data defines for each class of clients an access control attribute and an associated regular 
expression specifying a textual pattern. To the extent that Valois teaches regular expressions, 
Valois teaches that a regular expression is used as one of the test scripts to search an access 
control list for a particular string. Valois is devoid of any teaching that regular expressions and 
access control rights are both associated with authorization data for classes of clients that access 
a device. 

The combination of Valois and Delany likewise fails to teach, suggest, or disclose
authorization data that defines for each class of clients an access control attribute and an associated
regular expression specifying a textual pattern. Delany lacks any teaching whatsoever as to a
regular expression associated with authorization data as required by Applicant's amended claim
1. Accordingly, Valois in view of Delany fails to teach, suggest, or disclose authorization data
that defines at least one class of clients that access the device, wherein the authorization data
defines for each class of clients an access control attribute and an associated regular expression
specifying a textual pattern.

Although discussed primarily with respect to independent claim 1, Applicant's other
claims are also patentable due to similar amendments. Applicant has amended independent 
claim 22 similarly to claim 1. Therefore, independent claim 22 is also patentable. 

Applicant has also amended independent claim 19 to require, inter alia, receiving input
defining at least one class of clients that access a device, wherein the input defines for each class 
of clients an access control attribute and an associated regular expression that specifies a textual 
pattern, receiving an access request from a client, identifying the class of which the client is a 
member, and retrieving the access control attribute and the regular expression for the identified 
class of which the client is a member. 

Valois in view of Delany fails to teach these requirements of amended claim 19 for 
reasons similar to those discussed above with respect to claim 1. Furthermore, Nelson fails to
overcome the limitations of Valois in view of Delany. Nelson was cited for the teaching of
preprocessing a regular expression to automatically insert one or more meta-characters into the
regular expression. Nelson fails to even teach, suggest, or disclose preprocessing a regular
expression, let alone automatically inserting one or more meta-characters into the regular
expression. Instead, Nelson merely teaches tokenizing regular text documents. Nelson, col. 10,
ll. 39-54. Nelson says absolutely nothing about inserting meta-characters into a regular
expression as required by Applicant's claim 19. Likewise, Nelson fails to overcome the 
limitations of Valois in view of Delany. 

For at least these reasons, Applicant's independent claims, i.e. claims 1, 19, and 22, are
patentable. As the dependent claims incorporate the limitations of the respective independent
claims, the dependent claims, i.e. claims 2-4, 6-15, 20-21, 23-24, 26-35, and 56, are also
patentable. Moreover, the dependent claims include a number of limitations likewise not taught, 
suggested, or disclosed by the applied references. 

For example, claim 2 requires wherein controlling access comprises allowing access to 
the configuration data when the access control attribute denies access to the resource and the 
textual pattern of the regular expression matches the command. In the Final Office Action, the 
Examiner cited Valois at ¶ [0067] as disclosing that the access control attribute denies access to
the resource. However, Valois says nothing about denying access to a resource at ¶ [0067].
Instead, Valois teaches that "if the set of ACLs referenced exactly matches the set of ACLs
defined, the test program 26 outputs a 'pass' result 44" at ¶ [0067]. This is in no way related to
allowing access to configuration data as required by claim 2. Valois teaches that this comparison
is important to diagnosing network security, but says nothing of using such a test program to
allow access to configuration data. Valois, ¶ [0068]. The Examiner also cited ¶¶ [0017]-[0018]
of Delany as teaching the textual pattern of the regular expression matches the command as
further required by claim 2. These cited paragraphs of Delany say absolutely nothing of a regular
expression that matches a command. Therefore Valois in view of Delany fails to teach, suggest,
or disclose the requirements of claim 2. Similar remarks apply with respect to claim 3, which
teaches denying, rather than allowing, access under similar but opposite circumstances. 

As another example, claim 6 requires wherein the coarse-grain access control attribute 
comprises a set of permission bits, and each of the permission bits is associated with a respective 
group of the resources within the network device. In the Office Action, the Examiner cited ¶
[0161] of Delany as disclosing this requirement of claim 6. However, this cited portion of 
Delany says nothing of a permission bit being associated with a respective group of resources. 
The cited portion merely describes the general notion of access control as disclosed by Delany. 
The word "bits" does not even occur in the specification of Delany. Likewise, the word "bits" 
does not occur in the specification of Valois. Therefore Valois in view of Delany fails to teach or 
suggest wherein the coarse-grain access control attribute comprises a set of permission bits, and 
each of the permission bits is associated with a respective group of the resources. Moreover, the 
Examiner previously argued that the URL prefixes and host names are coarse-grain access
control attributes defined by authorization data. The URL prefixes and host names of Delany
could not comprise permission bits associated with groups of resources within the network device.
Claim 26 comprises a similar requirement for which similar arguments apply. 

For at least these reasons, the Examiner has failed to establish a prima facie case for
non-patentability of Applicant's claims 1-4, 6-15, 19-24, 26-35, and 56 under 35 U.S.C. § 103(a).
Applicant therefore respectfully requests withdrawal of this rejection. 




Application Number 10/628,885 

Amendment dated April 25, 2008 

Response to Office Action mailed February 25, 2008 

CONCLUSION 

All claims in this application are in condition for allowance. Applicant respectfully 
requests reconsideration and prompt allowance of all pending claims. Please charge any 
additional fees or credit any overpayment to deposit account number 50-1778. The Examiner is 
invited to telephone the below-signed attorney to discuss this application. 

Date: April 25, 2008

By:
Name: Kent J. Sieffert
Reg. No.: 41,312

SHUMAKER & SIEFFERT, P.A.
1625 Radio Drive, Suite 300
Woodbury, Minnesota 55125
Telephone: 651.286-8341
Facsimile: 651.735.1102